FIG. 2: DIGITAL SIGNATURE KEY PAIR UPDATING (flowchart)

24: USER LOGIN
26: DETERMINE DIG. SIGNATURE LIFETIME AND CREATION TIME FROM DIG. SIGN. CERTIFICATE DATA
CONTACT MANAGER TO ESTABLISH NEW KEY SIGNING PAIR - CLIENT GENERATES KEY PAIR AND SENDS PUBLIC KEY TO MANAGER BY PROTECTED DIG. SIGNATURE AND ENCRYPTED MESSAGE
34: PROVIDE SELECTABLE CERTIFICATE LIFETIME AND PRIVATE KEY LIFETIME DATA FOR EACH SELECTED CLIENT (ON A PER CLIENT BASIS)
36: STORE SELECTED DATA VALUES FOR EACH CLIENT IN CLIENT MANAGER DATABASE
VERIFY AUTHENTICITY OF CLIENT AND DATA FROM CLIENT REQUEST USING PKIX Part 3
42: CLIENT GENERATES NEW DIGITAL SIGNATURE KEY PAIR
44: CLIENT SENDS NEW DIG. SIGN. PUBLIC KEY PAIR TO MANAGER
46: MANAGER CREATES NEW DIG. SIGN. CERTIFICATE WITH SELECTED EXPIRY DATA BY ASSOCIATING SELECTED EXPIRY DATA WITH NEW KEY PAIRS
48: SEND NEW DIG. SIGN CERTIFICATE TO REQUESTING CLIENT
50: WAIT FOR ANOTHER CLIENT REQUEST OR NEW SELECTION OF EXPIRY DATA



FIG. 3: ENCRYPTION KEY PAIR UPDATING (flowchart)

60: USER LOGIN
62: DETERMINE ENCRYPTION LIFETIME AND CREATION TIME FROM ENCRYPTION CERTIFICATE DATA
64: IS REMAINING LIFETIME LESS THAN 100 DAYS AND IS TOTAL LIFETIME AT LEAST 50% OVER? (NO / YES)
66: CLIENT GENERATES ENCRYPTION UPDATE REQUEST AND GENERATES KEY PAIR AND SENDS PUBLIC KEY TO MANAGER BY PROTECTED DIG. SIGNATURE AND ENCRYPTED MESSAGE
68: PROVIDE SELECTABLE ENCRYPTION CERTIFICATE LIFETIME DATA FOR EACH SELECTED CLIENT (ON A PER CLIENT BASIS)
70: STORE SELECTED DATA VALUES FOR EACH CLIENT IN CLIENT MANAGER DATABASE
VERIFY AUTHENTICITY OF CLIENT AND DATA FROM CLIENT REQUEST USING PKIX Part 3
76: CLIENT GENERATES NEW ENCRYPTION KEY PAIR
78: CLIENT SENDS NEW ENCRYPTION KEY TO CLIENT MANAGER (AND PRIVATE KEY PAIR IF DESIRED)
80: MANAGER CREATES NEW ENCRYPTION CERTIFICATE WITH SELECTED EXPIRY DATA BY ASSOCIATING SELECTED EXPIRY DATA WITH NEW KEY PAIRS
82: SEND NEW ENCRYPTION CERTIFICATE TO REQUESTING CLIENT
84: WAIT FOR ANOTHER CLIENT REQUEST OR NEW SELECTION OF EXPIRY DATA



FIG. 4: MANAGER GENERATES DATA FOR DIG. SIGNATURE CERTIFICATE (flowchart)

24: USER LOGIN
26: DETERMINE DIG. SIGNATURE LIFETIME AND CREATION TIME FROM DIG. SIGN. CERTIFICATE DATA
28: IS REMAINING LIFETIME LESS THAN 100 DAYS AND IS TOTAL LIFETIME AT LEAST 50% OVER? (NO / YES)
30: CONTACT MANAGER TO ESTABLISH NEW SIGNING KEY PAIR - CLIENT GENERATES KEY PAIR AND SENDS PUBLIC KEY TO MANAGER BY PROTECTED DIG. SIGNATURE AND ENCRYPTED MESSAGE
34: PROVIDE SELECTABLE CERTIFICATE LIFETIME AND PRIVATE KEY LIFETIME DATA FOR EACH SELECTED CLIENT (ON A PER CLIENT BASIS)
36: STORE SELECTED DATA VALUES FOR EACH CLIENT IN CLIENT MANAGER DATABASE
VERIFY AUTHENTICITY OF CLIENT AND DATA FROM CLIENT REQUEST USING PKIX Part 3
86: MULTI-CLIENT MANAGER GENERATES NEW DIGITAL SIGNATURE KEY PAIR FOR EACH CLIENT
46: MANAGER CREATES NEW DIG. SIGN. CERTIFICATE WITH SELECTED EXPIRY DATA BY ASSOCIATING SELECTED EXPIRY DATA WITH NEW KEY PAIRS
88: MANAGER SENDS NEW DIG. SIGN CERTIFICATE, PUBLIC KEY AND PRIVATE KEY TO REQUESTING CLIENT
50: WAIT FOR ANOTHER CLIENT REQUEST OR NEW SELECTION OF EXPIRY DATA



